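/// <summary>
/// Counts the members of the "Domain Admins" privileged group whose password never expires,
/// excluding accounts whose password was changed within the last 30 days (traced as exceptions).
/// </summary>
/// <param name="healthcheckData">Collected data; only <c>PrivilegedGroups</c> is read.</param>
/// <returns>
/// 0 when the group is not present; the group's pre-computed <c>NumberOfMemberPwdNeverExpires</c>
/// when its member list is not available; otherwise the number of "never expires" members
/// whose password is older than 30 days.
/// </returns>
protected override int? AnalyzeDataNew(HealthcheckData healthcheckData)
{
    HealthCheckGroupData domainAdmins = null;
    foreach (HealthCheckGroupData group in healthcheckData.PrivilegedGroups)
    {
        if (group.GroupName == "Domain Admins")
        {
            domainAdmins = group;
            break;
        }
    }

    if (domainAdmins == null)
    {
        Trace.WriteLine("Group domain admins not found");
        return 0;
    }

    // Without the member list the 30-day exception cannot be evaluated, so fall back to the
    // aggregate counter. (The original test was inverted: it returned the aggregate whenever the
    // list WAS present and dereferenced a null list otherwise.)
    if (domainAdmins.Members == null)
    {
        return domainAdmins.NumberOfMemberPwdNeverExpires;
    }

    // Single time snapshot so every member is judged against the same threshold.
    DateTime recentChangeThreshold = DateTime.Now.AddDays(-30);
    int countNok = 0;
    int countException = 0;
    foreach (var member in domainAdmins.Members)
    {
        if (!member.DoesPwdNeverExpires)
        {
            continue;
        }

        if (member.PwdLastSet > recentChangeThreshold)
        {
            // A recent password change is treated as a mitigating exception rather than a finding.
            Trace.WriteLine("Rule for pwd last set disable because password changed recently for " + member.Name);
            countException++;
        }
        else
        {
            countNok++;
        }
    }

    return countNok;
}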
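/// <summary>
/// Builds the per-group statistics (<see cref="HealthCheckGroupData"/>) for one privileged group
/// from its resolved member objects: counts, enabled/disabled split, activity, service accounts,
/// lockout, password policy flags, delegation and smart-card requirement.
/// </summary>
/// <param name="resolveSidServer">Server used to resolve raw SIDs ("S-1-...") of foreign members to names.</param>
/// <param name="groupName">Name recorded in the returned data.</param>
/// <param name="members">Member objects; computer objects are skipped, non-user objects are counted as external.</param>
/// <returns>A populated <see cref="HealthCheckGroupData"/>; its <c>Members</c> list is never null.</returns>
private HealthCheckGroupData AnalyzeGroupData(string resolveSidServer, string groupName, IEnumerable<ADItem> members)
{
    // userAccountControl bits (ADS_USER_FLAG_ENUM), named so the checks below read as intent.
    const int UF_ACCOUNTDISABLE = 0x00000002;
    const int UF_LOCKOUT = 0x00000010;
    const int UF_PASSWD_NOTREQD = 0x00000020;
    const int UF_DONT_EXPIRE_PASSWD = 0x00010000;
    const int UF_SMARTCARD_REQUIRED = 0x00040000;
    const int UF_NOT_DELEGATED = 0x00100000;

    // Single snapshot so every member is judged against the same activity cut-off.
    DateTime now = DateTime.Now;

    HealthCheckGroupData data = new HealthCheckGroupData();
    data.GroupName = groupName;
    data.Members = new List<HealthCheckGroupMemberData>();

    foreach (ADItem x in members)
    {
        // Computer objects (e.g. in "Cert Publishers") are not accounts to assess here.
        if (x.Class == "computer")
        {
            continue;
        }

        data.NumberOfMember++;
        HealthCheckGroupMemberData member = new HealthCheckGroupMemberData();
        member.DistinguishedName = x.DistinguishedName;

        if (x.Class != "user")
        {
            // Foreign security principals and other non-user objects: only a name is recorded.
            data.NumberOfExternalMember++;
            member.IsExternal = true;
            member.Name = x.Name;
            if (!string.IsNullOrEmpty(x.Name) && x.Name.StartsWith("S-1-", StringComparison.OrdinalIgnoreCase))
            {
                // Raw SID: try to resolve it to a readable name.
                member.Name = NativeMethods.ConvertSIDToName(x.Name, resolveSidServer);
            }
        }
        else
        {
            member.Name = x.SAMAccountName;
            member.PwdLastSet = x.PwdLastSet;
            member.LastLogonTimestamp = x.LastLogonTimestamp;

            if ((x.UserAccountControl & UF_ACCOUNTDISABLE) != 0)
            {
                data.NumberOfMemberDisabled++;
            }
            else
            {
                data.NumberOfMemberEnabled++;
                member.IsEnabled = true;

                // Active = logged on within roughly the last 6 months (6 * 31 days).
                if (x.LastLogonTimestamp.AddDays(6 * 31) > now)
                {
                    data.NumberOfMemberActive++;
                    member.IsActive = true;
                }
                else
                {
                    data.NumberOfMemberInactive++;
                }

                // Any registered SPN marks the account as a service account.
                if (x.ServicePrincipalName != null && x.ServicePrincipalName.Length > 0)
                {
                    member.IsService = true;
                    data.NumberOfServiceAccount++;
                }

                if ((x.UserAccountControl & UF_LOCKOUT) != 0)
                {
                    member.IsLocked = true;
                    data.NumberOfMemberLocked++;
                }

                if ((x.UserAccountControl & UF_DONT_EXPIRE_PASSWD) != 0)
                {
                    data.NumberOfMemberPwdNeverExpires++;
                    member.DoesPwdNeverExpires = true;
                }

                if ((x.UserAccountControl & UF_PASSWD_NOTREQD) != 0)
                {
                    data.NumberOfMemberPwdNotRequired++;
                }

                // Only accounts NOT flagged "sensitive and cannot be delegated" are delegatable.
                if ((x.UserAccountControl & UF_NOT_DELEGATED) == 0)
                {
                    data.NumberOfMemberCanBeDelegated++;
                    member.CanBeDelegated = true;
                }

                if ((x.UserAccountControl & UF_SMARTCARD_REQUIRED) != 0)
                {
                    data.NumberOfSmartCardRequired++;
                    member.SmartCardRequired = true;
                }
            }
        }

        data.Members.Add(member);
    }

    return data;
}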